Infected browsers!


Post by Coelhocego on Thu 01 May 2014, 16:20

Good afternoon!
Friends,
I have already uninstalled Chrome and Firefox and nothing changed...
I picked up something rather annoying on my PC!!
The report follows below.
Thank you for the help.

# AdwCleaner v3.205 - Relatório criado 01/05/2014 às 16:09:24
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Glauco - Glauco-PC
# Executando de : C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N06PU7ZS\adwcleaner.exe
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : IePluginService
Serviço Encontrado : wStLibG64

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\END
Arquivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Encontrado : C:\Users\Aurelio\AppData\Local\funmoods-speeddial.crx
Arquivo Encontrado : C:\Users\Aurelio\AppData\Roaming\aps.uninstall.scan.results
Arquivo Encontrado : C:\Users\Aurelio\daemonprocess.txt
Arquivo Encontrado : C:\Windows\System32\Tasks\pricemeterdownloader
Arquivo Encontrado : C:\Windows\System32\Tasks\pricemetertask
Arquivo Encontrado : C:\Windows\System32\Tasks\pricemeterwatcher
Arquivo Encontrado : C:\Windows\System32\Tasks\SaveSense
Arquivo Encontrado : C:\Windows\Tasks\SaveSense.job
Pasta Encontrado : C:\Program Files (x86)\Bench
Pasta Encontrado : C:\Program Files (x86)\BringStar
Pasta Encontrado : C:\Program Files (x86)\Funmoods
Pasta Encontrado : C:\Program Files (x86)\predm
Pasta Encontrado : C:\Program Files (x86)\SaveSenseLive
Pasta Encontrado : C:\Program Files (x86)\SupTab
Pasta Encontrado : C:\Program Files (x86)\Uninstaller
Pasta Encontrado : C:\Users\Aurelio\.android
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\Mobogenie
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\PriceMeterLiveUpdate
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\SaveSenseLive
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\Tuguu_SL
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\webplayer
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\awesomehp
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\Optimizer Elite Max
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\SaveSense
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\SupTab
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\Systweak
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\webssearches
Pasta Encontrado : C:\Users\Aurelio\Documents\Mobogenie
Pasta Encontrado : C:\Users\Public\Documents\baidu
Pasta Encontrado : C:\Users\wangzhisong\AppData\Local\Mobogenie

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKCU\Software\AnyProtect
Chave Encontrada : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrada : HKCU\Software\AppDataLow\Software\DynConIE
Chave Encontrada : HKCU\Software\AppDataLow\Software\ViewPassword
Chave Encontrada : HKCU\Software\Funmoods
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : HKCU\Software\Optimizer Pro
Chave Encontrada : HKCU\Software\SaveSenseLive
Chave Encontrada : HKCU\Software\SmartBar
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\systweak
Chave Encontrada : HKCU\Software\TutoTag
Chave Encontrada : [x64] HKCU\Software\AnyProtect
Chave Encontrada : [x64] HKCU\Software\Funmoods
Chave Encontrada : [x64] HKCU\Software\InstallCore
Chave Encontrada : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : [x64] HKCU\Software\Optimizer Pro
Chave Encontrada : [x64] HKCU\Software\SaveSenseLive
Chave Encontrada : [x64] HKCU\Software\SmartBar
Chave Encontrada : [x64] HKCU\Software\Softonic
Chave Encontrada : [x64] HKCU\Software\systweak
Chave Encontrada : [x64] HKCU\Software\TutoTag
Chave Encontrada : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Encontrada : HKLM\Software\aartemisSoftware
Chave Encontrada : HKLM\Software\Bench
Chave Encontrada : HKLM\SOFTWARE\Classes\*\shell\filescout
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\speedupmypc
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Encontrada : HKLM\Software\free_soft_to_day
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Encontrada : HKLM\Software\InstallCore
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Chave Encontrada : HKLM\Software\SaveSenseLive
Chave Encontrada : HKLM\Software\supTab
Chave Encontrada : HKLM\Software\supWPM
Chave Encontrada : HKLM\Software\Trymedia Systems
Chave Encontrada : HKLM\Software\Tutorials
Chave Encontrada : HKLM\Software\Uniblue
Chave Encontrada : HKLM\Software\webssearchesSoftware
Chave Encontrada : HKLM\Software\Wpm
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrada : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Encontrada : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : [x64] HKLM\SOFTWARE\Speedchecker Limited
Valor Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Valor Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041

Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [You need to be registered and logged in to see this link.]

-\\ Mozilla Firefox v

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [21487 octets] - [15/02/2014 12:45:00]
AdwCleaner[R1].txt - [1053 octets] - [15/02/2014 12:51:58]
AdwCleaner[R2].txt - [1114 octets] - [15/02/2014 12:53:13]
AdwCleaner[R3].txt - [1174 octets] - [15/02/2014 12:56:36]
AdwCleaner[R4].txt - [11699 octets] - [01/05/2014 16:09:24]
AdwCleaner[S0].txt - [19883 octets] - [15/02/2014 12:45:59]
AdwCleaner[S1].txt - [1233 octets] - [15/02/2014 12:58:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [11881 octets] ##########

Re: Infected browsers!

Post by Power Max on Thu 01 May 2014, 17:20

Hello.

Right-click AdwCleaner.exe and choose the Run as administrator option.

|- If a Windows message appears asking "Do you want to allow the following program to make changes to this computer?", click Yes.

|- Start the scan by clicking the Examinar (Scan) button, as shown in the image below:

[You need to be registered and logged in to see this image.]

As soon as the scan has finished, click the Limpar (Clean) button, as shown in this image:

[You need to be registered and logged in to see this image.]

The message shown below will then appear; click the OK button in it:

[You need to be registered and logged in to see this image.]

After the steps above, this last message will appear, where you click OK again:

[You need to be registered and logged in to see this image.]

After that the PC will restart. Then just post its report, which will be at C:\AdwCleaner\AdwCleaner[S2].txt, in your next reply.


Re: Infected browsers!

Post by Coelhocego on Thu 01 May 2014, 23:25

aner v3.205 - Relatório criado 01/05/2014 às 23:20:38
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Aurelio - AURELIO-PC
# Executando de : C:\Users\Aurelio\Downloads\adwcleaner (3).exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [21487 octets] - [15/02/2014 12:45:00]
AdwCleaner[R1].txt - [1053 octets] - [15/02/2014 12:51:58]
AdwCleaner[R2].txt - [1114 octets] - [15/02/2014 12:53:13]
AdwCleaner[R3].txt - [1174 octets] - [15/02/2014 12:56:36]
AdwCleaner[R4].txt - [12058 octets] - [01/05/2014 16:09:24]
AdwCleaner[R5].txt - [2125 octets] - [01/05/2014 23:19:50]
AdwCleaner[S0].txt - [19883 octets] - [15/02/2014 12:45:59]
AdwCleaner[S1].txt - [1233 octets] - [15/02/2014 12:58:00]
AdwCleaner[S2].txt - [9303 octets] - [01/05/2014 16:27:06]
AdwCleaner[S3].txt - [2013 octets] - [01/05/2014 23:20:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2073 octets] ##########

Re: Infected browsers!

Post by Power Max on Thu 01 May 2014, 23:28

Download Malwarebytes from one of the links below:
[You need to be registered and logged in to see this link.]
[You need to be registered and logged in to see this link.]

To install and run it correctly, please follow the tips in this post:

[You need to be registered and logged in to see this link.]

In your next reply, post this Malwarebytes log (report).

We will be waiting.


Re: Infected browsers!

Post by Coelhocego on Fri 02 May 2014, 01:33

Malwarebytes Anti-Malware
[You need to be registered and logged in to see this link.]

Scan Date: 02/05/2014
Scan Time: 01:30:49
Logfile: virus2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.02.02
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Aurelio

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 381816
Time Elapsed: 45 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 11
PUP.Optional.IEPluginService.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir, , [9109ca827efdb482129b3233d62bd52b],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir, , [5f3b6fdd116afe3858f559dc0ff1f30d],
Adware.Korad, C:\AdwCleaner\Quarantine\C\ProgramData\BasicServe\basicserve114.exe.vir, , [efab2c20681396a04a8837f51de4b050],
PUP.Optional.FileScout.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\file scout\filescout.exe.vir, , [21792e1efd7e4cea59713fc5e61b05fb],
PUP.Optional.PCFixSpeed.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\OpenCandy\0CFE646FC13F434CA9C5D21645B54749\SearchGolTB.exe.vir, , [1981a6a6e79453e3e283576de2215ca4],
PUP.Optional.OpenCandy.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\OpenCandy\5D9A2D88E9F649BEB55D8E737466E2DD\dlm.exe.vir, , [a4f676d692e9d264ab92c9538081758b],
PUP.Optional.OpenCandy.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\OpenCandy\D68CE7399FFE4F18BA7B04EA879FABB5\dlm.exe.vir, , [d5c598b45e1d68ce74c9c7551fe2c33d],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\OpenCandy\D68CE7399FFE4F18BA7B04EA879FABB5\SSStub_SearchProtect_p1v0.exe.vir, , [9109ee5e80fb65d1384345d47d840bf5],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe.vir, , [c9d137154b3076c066aaaa88669af50b],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\SupTab\SupTab.dll.vir, , [752596b6b4c775c1c08d45f0c23ece32],
PUP.Optional.InstallCore, C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQMMV61T\samsung-kies-3214034-12-32-bits.exe, , [d9c129232e4dd75f466adf4de51f936d],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Infected browsers!

Post by Power Max on Fri 02 May 2014, 09:40

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need to be registered and logged in to see this link.]

To run it correctly, follow the tips in this tutorial:

[You need to be registered and logged in to see this link.]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its content and post it in your next reply.


Good evening!

Post by Coelhocego on Sat 03 May 2014, 00:52


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Aurelio on 03/05/2014 at 0:32:58,10.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aurelio\AppData\Local\Temp\Rar$EXa0.824\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

03/05/2014 00:34:07 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Aurelio\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\WPM deleted
C:\PROGRA~3\baidu deleted
C:\Users\Aurelio\AppData\Local\funmoods_2.3.8.crx deleted
C:\Users\Aurelio\AppData\Local\VLC Links deleted
C:\Users\Aurelio\AppData\Local\cache deleted
C:\Users\Aurelio\AppData\LocalLow\Plus-HD-1.3 deleted
C:\windows\SysNative\tasks\Funmoods Chat deleted
C:\Users\wangzhisong deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Aurelio\AppData\Roaming\unins000.exe deleted
C:\Users\Aurelio\AppData\Roaming\Mozilla\Extensions\seesimilar02@SeeSimilar.com deleted
C:\Users\Aurelio\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com deleted
"C:\Users\Aurelio\AppData\Roaming\rmi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [05/09/2013 16:12]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"onlinetv@helper.com"="C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.xpi" [27/03/2014 12:14]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
mihecgifecjdmjjmkgnobfpladefgige - C:\Users\Aurelio\AppData\Local\VLC Links\extension.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[11/11/2013 16:46]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="[You need to be registered and logged in to see this link.]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="[You need to be registered and logged in to see this link.]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="[You need to be registered and logged in to see this link.]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{3C8D6E72-587F-4D23-86E6-15A49ED22FDF} Unknown Url="Not_Found"
{62EA056F-91C7-1A35-0FF4-2A215BF6338B} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3C8D6E72-587F-4D23-86E6-15A49ED22FDF} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Internet Explorer\SearchScopes\{62EA056F-91C7-1A35-0FF4-2A215BF6338B} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Aurelio\Desktop\Diversos.lnk - C:\Users\Aurelio\Documents\Nova pasta
C:\Users\Aurelio\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Aurelio\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Aurelio\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual da consola do RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Uninstall Kies 3.lnk - C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe /removeonly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual da consola do RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Iniciar Avira Free Antivirus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mihecgifecjdmjjmkgnobfpladefgige deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Aurelio\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOEBW3FK will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=437 folders=45 13479669 bytes)

==== Empty Temp Folders ======================

C:\Users\Aurelio\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aurelio\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOEBW3FK" not found

==== EOF on 03/05/2014 at 0:50:44,48 ======================

Re: Infected browsers!

Post by Power Max on Sat 03 May 2014, 09:07

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

[You need to be registered and logged in to see this link.]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.


New log

Post by Coelhocego on Sat 03 May 2014, 11:01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by Aurelio on 03/05/2014 at 10:54:13,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders

Re: Infected browsers!

Post by Power Max on Sat 03 May 2014, 11:07

Download < [You need to be registered and logged in to see this link.] > < [You need to be registered and logged in to see this image.] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You need to be registered and logged in to see this link.]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Re: Infected browsers!

Post by Coelhocego on Sat 03 May 2014, 11:30

~ Relatório do ZHPDiag v2014.5.3.51 - Nicolas Coolman  (03/05/2014)
~ Iniciado por Aurelio (03/05/2014 11:28:31)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17105 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6038 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 866 GB (93%) free of 922 GB

---\\ Modo de conexão ao sistema
~ Computer Name: AURELIO-PC
~ User Name: Aurelio
~ All Users Names: Convidado, Aurelio, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aurelio\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aurelio\AppData\Roaming\
~ %Desktop% : C:\Users\Aurelio\Desktop\
~ %Favorites% : C:\Users\Aurelio\Favorites\
~ %LocalAppData% : C:\Users\Aurelio\AppData\Local\
~ %StartMenu% : C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 866 Go of 922 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.06/07/2011 - 18:34:56.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.06/07/2011 - 18:36:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/91
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/350
~ Mon Bureau (My Desktop) : 1/705
~ Menu demarrer (Programs) : 1/6
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe   [6963512] [PID.2028]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [20922016] [PID.2452]
[MD5.C0B97E53A0E39A48EEA2DCD500EEA07A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [283160] [PID.2920]
[MD5.F8077BAF8969C51FA9B5BF9C45CA012E] - (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe   [4163848] [PID.3040]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe   [689744] [PID.2588]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe   [295512] [PID.2652]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.2720]
[MD5.766D176C8B0187E0E2A79D58A2FC5CB0] - (.PSafe - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe   [71680] [PID.4052]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe   [1015808] [PID.5044]
[MD5.0667ED9F8E905E1F73DB60ACCEDCBCA7] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [811728] [PID.4604]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe   [233048] [PID.716]
[MD5.9F98821AE94E8CC78F7A5D423791B839] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe   [12971328] [PID.264]
[MD5.C155A13687144076286989EF078112C2] - (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe   [1917440] [PID.5436]
[MD5.01AA7A063ADF05C9217A1BDF901DFBAC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7868416] [PID.5756]
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [519224] [PID.804]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe   [440400] [PID.1260]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe   [440400] [PID.1432]
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe   [1809720] [PID.1580]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe   [857912] [PID.1928]
[MD5.41D6A19EE0EF3E1EF48B58A5CD8A200C] - (.PSafe - PSafe CategoryFinder.) -- C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe   [1259784] [PID.2020]
[MD5.0D00F10067084BAEF93E26C126BADAF0] - (.PSafe S/A - PSafe-SVC.) -- C:\Program Files (x86)\PSafe\PSafesvc.exe   [1722120] [PID.1176]
[MD5.68271BE9A8893FF5425F29786C361763] - (.PSafe - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWD.exe   [250632] [PID.2160]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.2180]
[MD5.090377B289C00EE8B041FDA2D8699C87] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe   [48640] [PID.3868]
[MD5.B25F192EA1F84A316EB7C19EFCCCF33D] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe   [13336] [PID.3764]
[MD5.97F6FFB8A305A77D25C6C0E07B71D252] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe   [5024576] [PID.4968]
[MD5.02CF67DC188222A92ED8818F7224442C] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe   [238400] [PID.4840]
~ Processes Running:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: onlinetv [64Bits] - {e6668de8-50bb-4ee3-9b43-cee14e6944fb} . (.onlinetv Company - onlinetv.) -- C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [PSafeSysTray] . (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe   =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2952356932-1996913521-2274159354-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2952356932-1996913521-2274159354-1000\..\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
~ Application:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS2\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.4.0.146 189.4.0.141
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: PSafeLockBoxSvc (PSafeLockBoxSvc) . (.PSafe - PSafe CategoryFinder.) - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC (PSafeSVC) . (.PSafe S/A - PSafe-SVC.) - C:\Program Files (x86)\PSafe\PSafesvc.exe
O23 - Service: PSafeWD (PSafeWD) . (.PSafe - PSafeWD.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
~ Services: 13 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AffiliatedUpdate] (...) -- C:\Users\Aurelio\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [PCHelpers1st] (...) -- C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe (.not file.)   [0]  =>PUP.OptimizerEliteMax
[MD5.00000000000000000000000000000000] [APT] [PCHelpers_period] (...) -- C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe (.not file.)   [0]  =>PUP.OptimizerEliteMax
[MD5.00000000000000000000000000000000] [APT] [{536165F4-8E31-479A-8333-ACE95D754BBC}] (...) -- C:\Users\Aurelio\AppData\Roaming\awesomehp\UninstallManager.exe (.not file.)   [0]  =>PUP.Awesomehp
[MD5.00000000000000000000000000000000] [APT] [{C870FDBC-11E5-4358-BB7E-04730A92E7B7}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.)   [0]  =>Adware.BDSearch
[MD5.75527EA7A3B425057B56A6ED32235A49] [APT] [{F0F0D852-7318-451F-A305-345576FC0FA4}] (.CAIXA.) -- C:\Users\Aurelio\Downloads\iGBPCEFsf.exe   [2546504]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT: AffiliatedUpdate - (...) -- C:\Windows\Tasks\AffiliatedUpdate.job   [300]
O39 - APT: AffiliatedUpdate - (...) -- C:\Windows\System32\Tasks\AffiliatedUpdate   [300]
O39 - APT:  - (..) -- C:\Windows\Tasks\Funmoods Chat.job   [300]  =>PUP.Funmoods
O39 - APT: PCHelpers1st - (...) -- C:\Windows\Tasks\PCHelpers1st.job   [304]  =>PUP.OptimizerEliteMax
O39 - APT: PCHelpers1st - (...) -- C:\Windows\System32\Tasks\PCHelpers1st   [304]  =>PUP.OptimizerEliteMax
O39 - APT: PCHelpers_period - (...) -- C:\Windows\Tasks\PCHelpers_period.job   [304]  =>PUP.OptimizerEliteMax
O39 - APT: PCHelpers_period - (...) -- C:\Windows\System32\Tasks\PCHelpers_period   [304]  =>PUP.OptimizerEliteMax
~ Scheduled Task: 15 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\FMChat]
[HKCU\Software\GbAs]
[HKCU\Software\PriceMeterUpdater]  =>PUP.PriceMeter
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\HD Streamer]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\SPCP]
[HKLM\Software\Wow6432Node\Universal]
~ Key Software: 184 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/11/2013 - 13:03:37 - [] ----D C:\Program Files (x86)\Baidu Security  =>Adware.BDSearch
O43 - CFD: 15/03/2014 - 16:25:51 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 02/05/2014 - 00:35:17 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 03/09/2012 - 19:21:37 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 23/06/2013 - 14:36:57 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 27/03/2014 - 12:14:56 - [] ----D C:\ProgramData\Baidu Security  =>Adware.BDSearch
O43 - CFD: 03/09/2012 - 19:20:39 - [] ----D C:\ProgramData\Vivo
O43 - CFD: 10/10/2013 - 10:55:09 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 20/02/2014 - 22:47:58 - [0] ----D C:\Users\Aurelio\AppData\Roaming\80B07AD4
O43 - CFD: 29/11/2013 - 13:04:12 - [] ----D C:\Users\Aurelio\AppData\Roaming\Baidu Security  =>Adware.BDSearch
O43 - CFD: 02/05/2014 - 00:35:17 - [0] ----D C:\Users\Aurelio\AppData\Roaming\FunmoodsChat  =>PUP.Funmoods
~ Program Folder: 170 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/05/2014 - 15:16:02 ---A- . (...) -- C:\autoexec.bat   [0]
O44 - LFC:[MD5.B40998C5BE901002C33964892A5A8101] - 02/05/2014 - 01:30:49 ---A- . (...) -- C:\virus.txt   [2825]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 03/05/2014 - 00:32:49 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.9F67594FAD36AD5F6E01A8C9E1F1746B] - 03/05/2014 - 00:50:44 ---A- . (...) -- C:\zoek-results.log   [18047]
O44 - LFC:[MD5.7EFD5D57BDF90C236AAD5BE1DE9477C5] - 03/05/2014 - 11:08:34 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [147638]
O44 - LFC:[MD5.0B89C4E6A74B5BF759855B487782D68A] - 03/05/2014 - 11:08:34 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [705798]
~ Files: 25 Legitimates Filtered in 00mn 01s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:18/03/2014 - 22:27:24 ---A- . (.DEVGURU Co., LTD.([You must be registered and logged in to see this link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [109056]
O58 - SDL:18/03/2014 - 22:27:24 ---A- . (.DEVGURU Co., LTD.([You must be registered and logged in to see this link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [206080]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:27/03/2014 - 21:12:39 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys   [61120]  =>PUP.LinkiDoo
O58 - SDL:15/03/2014 - 10:26:54 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must be registered and logged in to see this link.]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4547C099BA26A4144D6044315AC57DCC] [SPRF][11/11/2013] (...) -- C:\Users\Aurelio\AppData\Roaming\unins000.dat   [17526]
[MD5.A8DDCC18FC3706A5752713E9CC05A0BD] [SPRF][01/05/2014] (...) -- C:\Users\Aurelio\Desktop\adwcleaner.exe   [1310621]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico  =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0A517BFDBF16092D7D813FAA69BB7F65] [WIS][09/02/2014] (.LPT - LPT System Updater Service.) -- C:\Windows\Installer\1d2b4d.msi   [1712128]  =>Adware.IncrediBar
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\b39709.msi   [4771840]  =>Toolbar.Bing
~ WIS: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32  =>Adware.PUP.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS  =>Adware.PUP.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\signup wizard_RASAPI32  =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\signup wizard_RASMANCS  =>PUP.JDIBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASAPI32  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASMANCS  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASAPI32  =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASMANCS  =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASAPI32  =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASMANCS  =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32  =>Adware.PUP.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS  =>Adware.PUP.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASAPI32  =>PUP.BrowseSmart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASMANCS  =>PUP.BrowseSmart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASAPI32  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASMANCS  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLinkSwift_RASAPI32  =>PUP.LinkSwift
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLinkSwift_RASMANCS  =>PUP.LinkSwift
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASAPI32  =>PUP.Storimbo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASMANCS  =>PUP.Storimbo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFortunitas_RASAPI32  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFortunitas_RASMANCS  =>PUP.Fortunitas
~ BTK: 218 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 01/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 13/03/2014 1017424 |  (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Auto 21/10/2011 196176 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe  =>Toolbar.Bing
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 13/03/2014 440400 |  (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/03/2014 440400 |  (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 12/07/2012 48640 |  (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe
SR - | Auto 13/10/2011 249648 |  (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe  =>Toolbar.Bing
SR - | Auto 25/03/2014 519224 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 13/09/2010 13336 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 03/04/2014 1809720 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 18/05/2012 1259784 |  (PSafeLockBoxSvc) . (.PSafe.) - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
SR - | Auto 18/05/2012 1722120 |  (PSafeSVC) . (.PSafe S/A.) - C:\Program Files (x86)\PSafe\PSafesvc.exe
SR - | Auto 18/05/2012 250632 |  (PSafeWD) . (.PSafe.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 25/04/2014 5024576 |  (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13045 - (03/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 4
Fichiers trouvés  (Files found) : 13

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply]   =>PUP.DealPly
C:\Program Files (x86)\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\Users\Aurelio\AppData\Roaming\Baidu Security   =>Adware.BDSearch^
C:\Users\Aurelio\AppData\Roaming\FunmoodsChat   =>PUP.Funmoods^
C:\Windows\Tasks\Funmoods Chat.job   =>PUP.Funmoods^
C:\Windows\Tasks\PCHelpers1st.job   =>PUP.OptimizerEliteMax^
C:\Windows\System32\Tasks\PCHelpers1st   =>PUP.OptimizerEliteMax^
C:\Windows\Tasks\PCHelpers_period.job   =>PUP.OptimizerEliteMax^
C:\Windows\System32\Tasks\PCHelpers_period   =>PUP.OptimizerEliteMax^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\PriceMeterUpdater]   =>PUP.PriceMeter^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]   =>Adware.BDSearch^
C:\Windows\Installer\1d2b4d.msi   =>Adware.IncrediBar^
C:\Windows\Installer\b39709.msi   =>Toolbar.Bing^
C:\Users\Aurelio\Downloads\flvmplayer.exe   =>PUP.Offerware
~ Additionnel Scan: 211509 Items scanned in 00mn 16s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.]  =>PUP.OptimizerEliteMax
[You must be registered and logged in to see this link.]  =>PUP.Awesomehp
[You must be registered and logged in to see this link.]  =>Adware.BDSearch
[You must be registered and logged in to see this link.]  =>PUP.Funmoods
[You must be registered and logged in to see this link.]  =>PUP.PriceMeter
[You must be registered and logged in to see this link.]  =>PUP.LinkiDoo
[You must be registered and logged in to see this link.]  =>Adware.IncrediBar
[You must be registered and logged in to see this link.]  =>PUP.MyPCBackup
[You must be registered and logged in to see this link.]  =>PUP.Fortunitas
[You must be registered and logged in to see this link.]  =>PUP.Melondrea
[You must be registered and logged in to see this link.]  =>PUP.BrowseSmart
[You must be registered and logged in to see this link.]  =>PUP.LinkSwift
[You must be registered and logged in to see this link.]  =>PUP.Storimbo
[You must be registered and logged in to see this link.]  =>PUP.Tarma
[You must be registered and logged in to see this link.]  =>PUP.DealPly
[You must be registered and logged in to see this link.]  =>PUP.Offerware
~ MSI: 16 link(s) detected in 00mn 00s



~ 777 Legitimates filtered by white list
End of the scan (495 lines in 00mn 40s)(0)

Re: Infected browsers!

Post by Power Max on Sat 03 May 2014, 11:52

There are two antivirus programs listed on your PC: Avira and Psafe. This slows the PC down and can cause conflicts between them. I suggest that you uninstall Psafe and keep only Avira. I also suggest that you configure Avira following the tips in the tutorials below so that it becomes more efficient:

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]
_________________________________________________________________________________________________________

Go to the site [You must be registered and logged in to see this link.] and submit the file highlighted in blue below for analysis:

C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll

As soon as its analysis is complete, copy the link that appears in your browser's address bar and post that link in your next reply together with the ZHPFix log requested below.

More information on how to analyze files on the Virus Total site can be found in this tutorial:

[You must be registered and logged in to see this link.]
____________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the recycle bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply together with the link to the file's analysis on the Virus Total site.


Last edited by Power Max on Sat 03 May 2014, 20:13; edited 1 time

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and miscellany.

[You must be registered and logged in to see this link.] = The best of the internet can be found here.

[You must be registered and logged in to see this link.] = Messages of faith and hope for your heart

Re: Infected browsers!

Post by Coelhocego on Sat 03 May 2014, 19:01

[You must be registered and logged in to see this link.]

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Aurelio at 03/05/2014 18:58:25
High Elevated Privileges : OK
Windows Vista Home Basic Edition, 64-bit  (Build 6000)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Aurelio\Downloads\flvmplayer.exe

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\PriceMeterUpdater
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\signup wizard_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\signup wizard_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLinkSwift_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLinkSwift_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFortunitas_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFortunitas_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\tasks\funmoods chat.job
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlibg64.sys
ELIMINÉ: C:\Windows\Installer\1d2b4d.msi
ELIMINÉ Temporários windows (126) (4.968.457 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AffiliatedUpdate
ELIMINÉ: PCHelpers1st
ELIMINÉ: PCHelpers_period
ELIMINÉ: {536165F4-8E31-479A-8333-ACE95D754BBC}
ELIMINÉ: {C870FDBC-11E5-4358-BB7E-04730A92E7B7}
ELIMINÉ: {F0F0D852-7318-451F-A305-345576FC0FA4}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
43 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
6 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 40s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aurelio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 03/05/2014 18:58:28 [4624]

Re: Infected browsers!

Post by Power Max on Sat 03 May 2014, 19:26

On Virus Total it shows that the name of the submitted file was file-6798366_dll, but the file that was supposed to be scanned was this one:
C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll

Are you sure you submitted the correct file?
____________________________________________________________________________

Open ( ZHPDiag ) again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Re: Infected browsers!

Post by Coelhocego on Sat 03 May 2014, 20:04

Hi Power!!
I ran the check on VIRUS TOTAL again...

[You must be registered and logged in to see this link.]

Here is the LOG with the information...




~ Relatório do ZHPDiag v2014.5.3.52 - Nicolas Coolman  (03/05/2014)
~ Iniciado por Aurelio (03/05/2014 19:58:14)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [You must be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17105 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6038 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 867 GB (94%) free of 922 GB

---\\ Modo de conexão ao sistema
~ Computer Name: AURELIO-PC
~ User Name: Aurelio
~ All Users Names: Convidado, Aurelio, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aurelio\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aurelio\AppData\Roaming\
~ %Desktop% : C:\Users\Aurelio\Desktop\
~ %Favorites% : C:\Users\Aurelio\Favorites\
~ %LocalAppData% : C:\Users\Aurelio\AppData\Local\
~ %StartMenu% : C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 867 Go of 922 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.06/07/2011 - 18:34:56.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.06/07/2011 - 18:36:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/91
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/350
~ Mon Bureau (My Desktop) : 1/707
~ Menu demarrer (Programs) : 1/6
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe   [6963512] [PID.2120]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [20922016] [PID.2372]
[MD5.C0B97E53A0E39A48EEA2DCD500EEA07A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [283160] [PID.1272]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe   [689744] [PID.2504]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe   [295512] [PID.2672]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.2528]
[MD5.9F98821AE94E8CC78F7A5D423791B839] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe   [12971328] [PID.2608]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe   [1015808] [PID.4428]
[MD5.0667ED9F8E905E1F73DB60ACCEDCBCA7] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [811728] [PID.736]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe   [233048] [PID.5968]
[MD5.E948B39B496BE1302E974DEBB3ED51D2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7869440] [PID.21468]
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [519224] [PID.796]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe   [440400] [PID.1256]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe   [440400] [PID.1588]
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe   [1809720] [PID.1800]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe   [857912] [PID.672]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.1872]
[MD5.97F6FFB8A305A77D25C6C0E07B71D252] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe   [5024576] [PID.2144]
[MD5.02CF67DC188222A92ED8818F7224442C] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe   [238400] [PID.4532]
[MD5.090377B289C00EE8B041FDA2D8699C87] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe   [48640] [PID.4172]
[MD5.B25F192EA1F84A316EB7C19EFCCCF33D] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe   [13336] [PID.4772]
~ Processes Running:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: onlinetv [64Bits] - {e6668de8-50bb-4ee3-9b43-cee14e6944fb} . (.onlinetv Company - onlinetv.) -- C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe   =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2952356932-1996913521-2274159354-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2952356932-1996913521-2274159354-1000\..\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
~ Application:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS2\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.4.0.146 189.4.0.141
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 10 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 71 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\FMChat]
[HKCU\Software\GbAs]
[HKLM\Software\HD Streamer]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\SPCP]
[HKLM\Software\Wow6432Node\Universal]
~ Key Software: 177 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/03/2014 - 16:25:51 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 02/05/2014 - 00:35:17 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 03/09/2012 - 19:21:37 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 23/06/2013 - 14:36:57 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 03/09/2012 - 19:20:39 - [] ----D C:\ProgramData\Vivo
O43 - CFD: 10/10/2013 - 10:55:09 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 20/02/2014 - 22:47:58 - [0] ----D C:\Users\Aurelio\AppData\Roaming\80B07AD4
~ Program Folder: 164 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/05/2014 - 15:16:02 ---A- . (...) -- C:\autoexec.bat   [0]
O44 - LFC:[MD5.B40998C5BE901002C33964892A5A8101] - 02/05/2014 - 01:30:49 ---A- . (...) -- C:\virus.txt   [2825]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 03/05/2014 - 00:32:49 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.9F67594FAD36AD5F6E01A8C9E1F1746B] - 03/05/2014 - 00:50:44 ---A- . (...) -- C:\zoek-results.log   [18047]
O44 - LFC:[MD5.7EFD5D57BDF90C236AAD5BE1DE9477C5] - 03/05/2014 - 18:52:59 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [147638]
O44 - LFC:[MD5.0B89C4E6A74B5BF759855B487782D68A] - 03/05/2014 - 18:52:59 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [705798]
~ Files: 25 Legitimates Filtered in 00mn 26s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:18/03/2014 - 22:27:24 ---A- . (.DEVGURU Co., LTD.([You need to be registered and logged in to see this link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [109056]
O58 - SDL:18/03/2014 - 22:27:24 ---A- . (.DEVGURU Co., LTD.([You need to be registered and logged in to see this link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [206080]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:27/03/2014 - 21:12:39 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys   [61120]  =>PUP.LinkiDoo
O58 - SDL:15/03/2014 - 10:26:54 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You need to be registered and logged in to see this link.]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4547C099BA26A4144D6044315AC57DCC] [SPRF][11/11/2013] (...) -- C:\Users\Aurelio\AppData\Roaming\unins000.dat   [17526]
[MD5.A8DDCC18FC3706A5752713E9CC05A0BD] [SPRF][01/05/2014] (...) -- C:\Users\Aurelio\Desktop\adwcleaner.exe   [1310621]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico  =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\b39709.msi   [4771840]  =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 02s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 01/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 13/03/2014 1017424 |  (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Auto 21/10/2011 196176 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe  =>Toolbar.Bing
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 13/03/2014 440400 |  (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/03/2014 440400 |  (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 12/07/2012 48640 |  (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe
SR - | Auto 13/10/2011 249648 |  (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe  =>Toolbar.Bing
SR - | Auto 25/03/2014 519224 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 13/09/2010 13336 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 03/04/2014 1809720 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 25/04/2014 5024576 |  (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13045 - (03/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 1

C:\Windows\Installer\b39709.msi   =>Toolbar.Bing^
~ Additionnel Scan: 210876 Items scanned in 00mn 16s



---\\ Sumário das deteções encontradas na sua estação
[You need to be registered and logged in to see this link.]  =>PUP.LinkiDoo
~ MSI: 1 link(s) detected in 00mn 00s



~ 741 Legitimates filtered by white list
End of the scan (389 lines in 01mn 11s)(0)

Re: Infected browsers!

Post by Power Max on Sat 03 May 2014, 20:12

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 03 May 2014, 20:59; edited 1 time

_________________

Caixa de Dicas
= Always with new tutorials and news in computing, technology and miscellany.

[You need to be registered and logged in to see this link.] = The best of the internet, you will find it here.

[You need to be registered and logged in to see this link.] = Messages of faith and hope for your heart

Re: Infected browsers!

Post by Coelhocego on Sat 03 May 2014, 20:55

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Aurelio at 03/05/2014 20:53:05
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlibg64.sys
ELIMINÉ Temporários windows (4) (883 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 17s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aurelio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 03/05/2014 18:58:28 [4706]
C:\Users\Aurelio\AppData\Roaming\ZHP\ZHPFix[R2].txt - 03/05/2014 20:45:56 [1476]
C:\Users\Aurelio\AppData\Roaming\ZHP\ZHPFix[R3].txt - 03/05/2014 20:53:09 [1262]

Re: Infected browsers!

Post by Power Max on Sat 03 May 2014, 20:59

Download [You need to be registered and logged in to see this link.] and save it to the Desktop.

Note: When you open the link above, click the Download Now 64-Bit Version button.

Run Farbar following the tips in this tutorial:

[You need to be registered and logged in to see this link.]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post both reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)


1st LOG

Post by Coelhocego on Sat 03 May 2014, 22:34

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Aurelio (administrator) on AURELIO-PC on 03-05-2014 22:31:37
Running from C:\Users\Aurelio\Desktop
Windows 7 Home Basic Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You need to be registered and logged in to see this link.]
Download link for 64-Bit Version: [You need to be registered and logged in to see this link.]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You need to be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Positivo Informática) C:\Program Files\Positivo Informática\Recovery\Recovery2.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Positivo Informática S.A.) C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe
(Positivo Informática S.A.) C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe
(Positivo Informática S.A.) C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartUpManagerPositivo] => C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe [171520 2012-03-01] ()
HKLM\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2952356932-1996913521-2274159354-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2952356932-1996913521-2274159354-1000\...\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-2952356932-1996913521-2274159354-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Assistente para criação de disco de recuperação.lnk
ShortcutTarget: Assistente para criação de disco de recuperação.lnk -> C:\Program Files\Positivo Informática\Recovery\Recovery2.exe (Positivo Informática)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You need to be registered and logged in to see this link.]
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You need to be registered and logged in to see this link.]
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: onlinetv - {e6668de8-50bb-4ee3-9b43-cee14e6944fb} - C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv64.dll (onlinetv Company)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: onlinetv - {e6668de8-50bb-4ee3-9b43-cee14e6944fb} - C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll (onlinetv Company)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1579848 2014-02-26] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1587768 2014-02-24] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 189.4.0.146 189.4.0.141

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/cef - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014-01-28]
FF HKCU\...\Firefox\Extensions: [onlinetv@helper.com] - C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.xpi
FF Extension: Online TV - C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.xpi [2014-03-27]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AppManagerService; C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe [48640 2012-07-12] (Positivo Informática S.A.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [519224 2014-03-25] (GAS Tecnologia)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 msi2500; C:\Windows\System32\DRIVERS\msi2500.sys [116352 2010-06-22] (Mirics)
R3 PositivoAudioDriverWdm; C:\Windows\System32\DRIVERS\pad.sys [69520 2012-03-06] (Positivo Informática S.A.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 22:31 - 2014-05-03 22:31 - 00015337 _____ () C:\Users\Aurelio\Desktop\FRST.txt
2014-05-03 22:31 - 2014-05-03 22:31 - 00000000 ____D () C:\FRST
2014-05-03 22:30 - 2014-05-03 22:30 - 02062336 _____ (Farbar) C:\Users\Aurelio\Desktop\FRST64.exe
2014-05-03 20:53 - 2014-05-03 20:53 - 00001344 _____ () C:\Users\Aurelio\Desktop\ZHPFixReport.txt
2014-05-03 18:55 - 2014-05-03 18:55 - 00001991 _____ () C:\Users\Aurelio\Desktop\ZHPFix.lnk
2014-05-03 18:55 - 2014-05-03 18:55 - 00001864 _____ () C:\Users\Aurelio\Desktop\ZHPDiag.lnk
2014-05-03 18:55 - 2014-05-03 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-03 18:54 - 2014-05-03 18:55 - 06779163 _____ (Nicolas Coolman ) C:\Users\Aurelio\Desktop\ZHPmmDiag2.exe
2014-05-03 11:27 - 2014-05-03 11:27 - 00003188 _____ () C:\Windows\System32\Tasks\{32D9EDAA-3DD5-4A53-B818-92E41550B860}
2014-05-03 11:25 - 2014-05-03 20:53 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\ZHP
2014-05-03 11:25 - 2014-05-03 20:50 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-03 11:07 - 2014-05-03 11:08 - 06778604 _____ (Nicolas Coolman ) C:\Users\Aurelio\Desktop\ZHPDiag2.exe
2014-05-03 10:58 - 2014-05-03 10:58 - 00000770 _____ () C:\Users\Aurelio\Desktop\JRT.txt
2014-05-03 10:54 - 2014-05-03 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-03 10:53 - 2014-05-03 10:53 - 01016261 _____ (Thisisu) C:\Users\Aurelio\Desktop\JRT.exe
2014-05-03 08:31 - 2014-04-29 11:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 08:31 - 2014-04-29 10:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 08:31 - 2014-04-29 09:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 08:31 - 2014-04-29 09:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 00:41 - 2014-05-03 00:32 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-03 00:33 - 2014-05-03 00:50 - 00018047 _____ () C:\zoek-results.log
2014-05-03 00:30 - 2014-05-03 00:30 - 04095370 _____ () C:\Users\Aurelio\Desktop\zoek.zip
2014-05-02 21:49 - 2014-05-03 00:40 - 00000000 ____D () C:\zoek_backup
2014-05-02 21:49 - 2014-05-02 21:50 - 01285120 _____ () C:\Users\Aurelio\Downloads\zoek.exe
2014-05-02 08:06 - 2014-05-03 20:48 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2952356932-1996913521-2274159354-1000
2014-05-02 03:00 - 2014-05-02 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 01:31 - 2014-05-03 18:33 - 00007264 _____ () C:\Users\Aurelio\Desktop\virus2.txt
2014-05-02 01:30 - 2014-05-02 01:30 - 00002825 _____ () C:\virus.txt
2014-05-02 00:22 - 2014-05-02 00:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 00:22 - 2014-05-02 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 00:22 - 2014-05-02 00:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-02 00:22 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-02 00:22 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-02 00:22 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-01 23:19 - 2014-05-01 23:29 - 01310621 _____ () C:\Users\Aurelio\Downloads\adwcleaner (3).exe
2014-05-01 23:18 - 2014-05-01 23:18 - 01310621 _____ () C:\Users\Aurelio\Desktop\adwcleaner.exe
2014-05-01 23:16 - 2014-05-01 23:16 - 01310621 _____ () C:\Users\Aurelio\Downloads\adwcleaner (2).exe
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\Users\Todos os Usuários\Samsung
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-05-01 19:34 - 2014-03-18 22:27 - 00206080 _____ (DEVGURU Co., LTD.) C:\Windows\system32\Drivers\ssudmdm.sys
2014-05-01 19:34 - 2014-03-18 22:27 - 00109056 _____ (DEVGURU Co., LTD.) C:\Windows\system32\Drivers\ssudbus.sys
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\Documents\My Weblog Posts
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Windows Live Writer
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Windows Live Writer
2014-05-01 18:56 - 2014-05-01 18:56 - 00001973 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-05-01 18:49 - 2014-05-01 18:56 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Samsung
2014-05-01 18:49 - 2014-05-01 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-01 18:49 - 2014-05-01 18:56 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-01 18:49 - 2014-05-01 18:52 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Downloaded Installations
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\Documents\SelfMV
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\Documents\samsung
2014-05-01 18:49 - 2014-02-25 16:48 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-05-01 18:48 - 2014-05-01 18:48 - 39500592 _____ (Samsung Electronics Co., Ltd.) C:\Users\Aurelio\Downloads\270-Kies3Setup.exe
2014-05-01 16:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-01 15:16 - 2014-05-01 15:16 - 00000000 _____ () C:\autoexec.bat
2014-05-01 15:15 - 2014-05-01 17:32 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-01 15:15 - 2014-05-01 15:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-01 15:11 - 2014-05-01 16:26 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aurelio\Downloads\SpyHunter-Installer.exe
2014-05-01 11:57 - 2014-05-01 11:56 - 02951802 _____ (InstallShield Software Corporation) C:\Users\Aurelio\Downloads\EClea2_0.exe
2014-05-01 11:32 - 2014-05-01 11:32 - 00000000 __SHD () C:\Users\Aurelio\AppData\Local\EmieUserList
2014-05-01 11:32 - 2014-05-01 11:32 - 00000000 __SHD () C:\Users\Aurelio\AppData\Local\EmieSiteList
2014-05-01 11:31 - 2014-04-13 23:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-01 11:31 - 2014-04-13 23:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-28 19:35 - 2014-04-28 19:35 - 00922448 _____ () C:\Windows\Minidump\042814-11700-01.dmp
2014-04-26 23:22 - 2014-04-26 23:22 - 00308360 _____ () C:\Users\Aurelio\Downloads\Setup (2).exe
2014-04-26 23:19 - 2014-04-26 23:30 - 00000000 ___RD () C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 17:34 - 2014-04-24 17:34 - 00462192 _____ () C:\Users\Aurelio\Downloads\Setup (1).exe
2014-04-22 15:55 - 2014-04-22 15:55 - 06747109 _____ () C:\Users\Aurelio\Downloads\HINO IGREJA.wmv
2014-04-22 14:46 - 2014-04-22 14:46 - 00126908 _____ () C:\Users\Aurelio\Documents\telos04.xps
2014-04-22 14:23 - 2014-04-22 14:23 - 00004215 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-22 14:23 - 2014-04-22 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 14:23 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-22 14:22 - 2014-04-22 14:22 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (3).exe
2014-04-22 14:19 - 2014-04-22 14:19 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (2).exe
2014-04-22 13:32 - 2014-04-22 13:32 - 00176473 _____ () C:\Users\Aurelio\Documents\sanepar04.xps
2014-04-22 13:28 - 2014-04-22 13:28 - 00310160 _____ () C:\Users\Aurelio\Documents\copel 05.xps
2014-04-22 13:26 - 2014-04-22 13:26 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (1).exe
2014-04-22 13:25 - 2014-04-22 13:25 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55.exe
2014-04-21 12:18 - 2014-04-21 12:18 - 00164574 _____ () C:\Users\Aurelio\Downloads\blossom.zip
2014-04-21 12:17 - 2014-04-21 12:17 - 00020128 _____ () C:\Users\Aurelio\Downloads\carolingia.zip
2014-04-21 12:16 - 2014-04-21 12:16 - 00038795 _____ () C:\Users\Aurelio\Downloads\english.zip
2014-04-21 12:16 - 2014-04-21 12:16 - 00030223 _____ () C:\Users\Aurelio\Downloads\anke_calligraphic_f.zip
2014-04-21 12:14 - 2014-04-21 12:14 - 00021473 _____ () C:\Users\Aurelio\Downloads\imitation.zip
2014-04-21 12:14 - 2014-04-21 12:14 - 00020332 _____ () C:\Users\Aurelio\Downloads\belphebe.zip
2014-04-21 12:11 - 2014-04-21 12:11 - 00039171 _____ () C:\Users\Aurelio\Downloads\saffron_too.zip
2014-04-21 12:09 - 2014-04-21 12:09 - 00028265 _____ () C:\Users\Aurelio\Downloads\adorable.zip
2014-04-21 12:08 - 2014-04-21 12:08 - 00046129 _____ () C:\Users\Aurelio\Downloads\angelina (1).zip
2014-04-21 12:07 - 2014-04-21 12:07 - 00046129 _____ () C:\Users\Aurelio\Downloads\angelina.zip
2014-04-19 23:49 - 2014-04-19 23:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-19 23:49 - 2014-04-19 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-19 23:27 - 2014-05-01 22:47 - 00000000 ____D () C:\Users\Aurelio\Desktop\Anna Clara
2014-04-19 21:08 - 2014-04-19 21:17 - 160702556 _____ () C:\Users\Aurelio\Downloads\Portable-CorelDRAW-X5-PT-BR.7z
2014-04-19 20:38 - 2014-04-19 20:41 - 219384716 _____ () C:\Users\Aurelio\Downloads\Corel DHRAW X5 Portable.rar
2014-04-14 08:56 - 2014-03-06 05:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-14 08:56 - 2014-03-06 05:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-14 08:56 - 2014-03-06 05:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-14 08:56 - 2014-03-06 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-14 08:55 - 2014-03-06 06:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-14 08:55 - 2014-03-06 05:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-14 08:55 - 2014-03-06 05:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-14 08:55 - 2014-03-06 05:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-14 08:55 - 2014-03-06 05:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-14 08:55 - 2014-03-06 05:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-14 08:55 - 2014-03-06 05:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-14 08:55 - 2014-03-06 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-14 08:55 - 2014-03-06 05:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-14 08:55 - 2014-03-06 05:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-14 08:55 - 2014-03-06 05:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 08:55 - 2014-03-06 05:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-14 08:55 - 2014-03-06 05:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 08:55 - 2014-03-06 05:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-14 08:55 - 2014-03-06 05:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-14 08:55 - 2014-03-06 04:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-14 08:55 - 2014-03-06 04:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-14 08:55 - 2014-03-06 04:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 08:55 - 2014-03-06 04:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 08:55 - 2014-03-06 04:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-14 08:55 - 2014-03-06 04:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-14 08:55 - 2014-03-06 04:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-14 08:55 - 2014-03-06 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-14 08:55 - 2014-03-06 04:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-14 08:55 - 2014-03-06 04:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-14 08:55 - 2014-03-06 04:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 08:55 - 2014-03-06 04:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-14 08:55 - 2014-03-06 04:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-14 08:55 - 2014-03-06 04:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 08:55 - 2014-03-06 04:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-14 08:55 - 2014-03-06 03:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 08:55 - 2014-03-06 03:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 08:55 - 2014-03-06 03:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-14 08:55 - 2014-03-06 03:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 08:55 - 2014-03-06 03:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 08:55 - 2014-03-06 02:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 08:55 - 2014-03-06 02:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-14 08:55 - 2014-03-06 02:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-14 08:55 - 2014-03-06 02:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 08:55 - 2014-03-06 02:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 18:52 - 2014-05-01 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-12 08:45 - 2014-05-03 11:13 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-12 08:45 - 2014-04-12 08:45 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-12 08:44 - 2014-04-12 08:44 - 06121704 _____ (TeamViewer GmbH) C:\Users\Aurelio\Downloads\TeamViewer_Setup_pt (1).exe
2014-04-10 22:40 - 2014-04-10 22:41 - 32965554 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_Atheros_8.0.0.279_W7x86W7x64_A.zip
2014-04-10 22:39 - 2014-04-10 22:46 - 399838146 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_Intel_13.0.0.107_W7x86W7x64_A.zip
2014-04-10 22:39 - 2014-04-10 22:40 - 24498508 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_liteon_9.0.0.173_W7x86_A.zip
2014-04-10 22:39 - 2014-04-10 22:39 - 02445158 _____ () C:\Users\Aurelio\Downloads\Chipset_Intel_9.1.1.1025_W7x86W7x64_A.zip
2014-04-09 19:50 - 2014-04-09 19:50 - 07106560 _____ () C:\Users\Aurelio\Downloads\estambul-bosforo (1).pps
2014-04-09 19:41 - 2014-04-09 19:41 - 07106560 _____ () C:\Users\Aurelio\Downloads\estambul-bosforo.pps
2014-04-09 16:05 - 2014-04-09 16:05 - 00170204 _____ () C:\Users\Aurelio\Documents\aguaPLesteA.xps
2014-04-08 18:26 - 2014-03-04 06:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 18:26 - 2014-03-04 06:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 18:26 - 2014-03-04 06:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 18:26 - 2014-03-04 06:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 18:26 - 2014-03-04 06:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 18:26 - 2014-03-04 06:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 18:26 - 2014-03-04 06:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 18:26 - 2014-03-04 06:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 18:26 - 2014-03-04 06:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 18:26 - 2014-03-04 05:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 18:26 - 2014-03-04 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 18:26 - 2014-02-03 23:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 18:26 - 2014-02-03 23:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 18:26 - 2014-02-03 23:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 18:26 - 2014-02-03 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 18:26 - 2014-02-03 23:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 18:26 - 2014-01-23 23:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-03 22:31 - 2014-05-03 22:31 - 00015337 _____ () C:\Users\Aurelio\Desktop\FRST.txt
2014-05-03 22:31 - 2014-05-03 22:31 - 00000000 ____D () C:\FRST
2014-05-03 22:30 - 2014-05-03 22:30 - 02062336 _____ (Farbar) C:\Users\Aurelio\Desktop\FRST64.exe
2014-05-03 22:28 - 2013-06-24 09:54 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-05-03 22:28 - 2013-06-24 09:54 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-05-03 22:26 - 2014-03-29 14:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-03 22:26 - 2013-06-23 14:31 - 01792108 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 22:07 - 2014-03-15 16:02 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-03 20:57 - 2009-07-14 01:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 20:57 - 2009-07-14 01:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 20:54 - 2011-04-12 10:40 - 00705798 _____ () C:\Windows\system32\prfh0416.dat
2014-05-03 20:54 - 2011-04-12 10:40 - 00147638 _____ () C:\Windows\system32\prfc0416.dat
2014-05-03 20:54 - 2009-07-14 02:13 - 01635826 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 20:53 - 2014-05-03 20:53 - 00001344 _____ () C:\Users\Aurelio\Desktop\ZHPFixReport.txt
2014-05-03 20:53 - 2014-05-03 11:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\ZHP
2014-05-03 20:50 - 2014-05-03 11:25 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-03 20:48 - 2014-05-02 08:06 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2952356932-1996913521-2274159354-1000
2014-05-03 20:48 - 2014-03-29 09:26 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2952356932-1996913521-2274159354-1000
2014-05-03 20:48 - 2014-03-12 10:05 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Skype
2014-05-03 20:47 - 2010-11-21 00:47 - 00594438 _____ () C:\Windows\PFRO.log
2014-05-03 20:47 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 20:47 - 2009-07-14 01:51 - 00092677 _____ () C:\Windows\setupact.log
2014-05-03 18:55 - 2014-05-03 18:55 - 00001991 _____ () C:\Users\Aurelio\Desktop\ZHPFix.lnk
2014-05-03 18:55 - 2014-05-03 18:55 - 00001864 _____ () C:\Users\Aurelio\Desktop\ZHPDiag.lnk
2014-05-03 18:55 - 2014-05-03 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-03 18:55 - 2014-05-03 18:54 - 06779163 _____ (Nicolas Coolman ) C:\Users\Aurelio\Desktop\ZHPmmDiag2.exe
2014-05-03 18:33 - 2014-05-02 01:31 - 00007264 _____ () C:\Users\Aurelio\Desktop\virus2.txt
2014-05-03 11:27 - 2014-05-03 11:27 - 00003188 _____ () C:\Windows\System32\Tasks\{32D9EDAA-3DD5-4A53-B818-92E41550B860}
2014-05-03 11:13 - 2014-04-12 08:45 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-03 11:08 - 2014-05-03 11:07 - 06778604 _____ (Nicolas Coolman ) C:\Users\Aurelio\Desktop\ZHPDiag2.exe
2014-05-03 11:02 - 2013-06-23 14:36 - 00000000 ____D () C:\Users\Aurelio\PSafe
2014-05-03 10:58 - 2014-05-03 10:58 - 00000770 _____ () C:\Users\Aurelio\Desktop\JRT.txt
2014-05-03 10:54 - 2014-05-03 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-03 10:53 - 2014-05-03 10:53 - 01016261 _____ (Thisisu) C:\Users\Aurelio\Desktop\JRT.exe
2014-05-03 00:50 - 2014-05-03 00:33 - 00018047 _____ () C:\zoek-results.log
2014-05-03 00:40 - 2014-05-02 21:49 - 00000000 ____D () C:\zoek_backup
2014-05-03 00:32 - 2014-05-03 00:41 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-03 00:30 - 2014-05-03 00:30 - 04095370 _____ () C:\Users\Aurelio\Desktop\zoek.zip
2014-05-02 21:50 - 2014-05-02 21:49 - 01285120 _____ () C:\Users\Aurelio\Downloads\zoek.exe
2014-05-02 03:00 - 2014-05-02 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 01:30 - 2014-05-02 01:30 - 00002825 _____ () C:\virus.txt
2014-05-02 00:37 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\Speech
2014-05-02 00:35 - 2014-02-21 17:37 - 00000000 ____D () C:\Program Files (x86)\RBM
2014-05-02 00:22 - 2014-05-02 00:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 00:22 - 2014-05-02 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 00:22 - 2014-05-02 00:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 23:30 - 2014-02-15 12:44 - 00000000 ____D () C:\AdwCleaner
2014-05-01 23:29 - 2014-05-01 23:19 - 01310621 _____ () C:\Users\Aurelio\Downloads\adwcleaner (3).exe
2014-05-01 23:18 - 2014-05-01 23:18 - 01310621 _____ () C:\Users\Aurelio\Desktop\adwcleaner.exe
2014-05-01 23:16 - 2014-05-01 23:16 - 01310621 _____ () C:\Users\Aurelio\Downloads\adwcleaner (2).exe
2014-05-01 22:47 - 2014-04-19 23:27 - 00000000 ____D () C:\Users\Aurelio\Desktop\Anna Clara
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\Users\Todos os Usuários\Samsung
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\Documents\My Weblog Posts
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Windows Live Writer
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Windows Live Writer
2014-05-01 18:56 - 2014-05-01 18:56 - 00001973 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-05-01 18:56 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Samsung
2014-05-01 18:56 - 2014-05-01 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-01 18:56 - 2014-05-01 18:49 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-01 18:56 - 2012-09-03 18:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-01 18:52 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Downloaded Installations
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\Documents\SelfMV
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\Documents\samsung
2014-05-01 18:48 - 2014-05-01 18:48 - 39500592 _____ (Samsung Electronics Co., Ltd.) C:\Users\Aurelio\Downloads\270-Kies3Setup.exe
2014-05-01 17:54 - 2014-03-15 19:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Windows Live
2014-05-01 17:32 - 2014-05-01 15:15 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-01 16:27 - 2013-06-23 14:34 - 00000000 ____D () C:\Users\Aurelio
2014-05-01 16:26 - 2014-05-01 15:11 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aurelio\Downloads\SpyHunter-Installer.exe
2014-05-01 15:16 - 2014-05-01 15:16 - 00000000 _____ () C:\autoexec.bat
2014-05-01 15:15 - 2014-05-01 15:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-01 13:10 - 2014-03-15 16:02 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-01 13:10 - 2013-07-19 13:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 13:10 - 2013-07-19 13:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 11:56 - 2014-05-01 11:57 - 02951802 _____ (InstallShield Software Corporation) C:\Users\Aurelio\Downloads\EClea2_0.exe
2014-05-01 11:38 - 2014-04-13 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-01 11:33 - 2013-06-23 14:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-01 11:32 - 2014-05-01 11:32 - 00000000 __SHD () C:\Users\Aurelio\AppData\Local\EmieUserList
2014-05-01 11:32 - 2014-05-01 11:32 - 00000000 __SHD () C:\Users\Aurelio\AppData\Local\EmieSiteList
2014-05-01 11:29 - 2013-09-13 15:29 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-05-01 11:29 - 2013-09-13 15:29 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-04-29 11:01 - 2014-05-03 08:31 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 10:40 - 2014-05-03 08:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 09:48 - 2014-05-03 08:31 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 09:34 - 2014-05-03 08:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 19:35 - 2014-04-28 19:35 - 00922448 _____ () C:\Windows\Minidump\042814-11700-01.dmp
2014-04-28 19:35 - 2013-07-19 09:52 - 277254306 _____ () C:\Windows\MEMORY.DMP
2014-04-28 19:35 - 2013-07-19 09:52 - 00000000 ____D () C:\Windows\Minidump
2014-04-26 23:30 - 2014-04-26 23:19 - 00000000 ___RD () C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-26 23:22 - 2014-04-26 23:22 - 00308360 _____ () C:\Users\Aurelio\Downloads\Setup (2).exe
2014-04-24 17:34 - 2014-04-24 17:34 - 00462192 _____ () C:\Users\Aurelio\Downloads\Setup (1).exe
2014-04-22 15:55 - 2014-04-22 15:55 - 06747109 _____ () C:\Users\Aurelio\Downloads\HINO IGREJA.wmv
2014-04-22 14:46 - 2014-04-22 14:46 - 00126908 _____ () C:\Users\Aurelio\Documents\telos04.xps
2014-04-22 14:24 - 2013-10-23 20:08 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2014-04-22 14:24 - 2013-10-23 20:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-22 14:23 - 2014-04-22 14:23 - 00004215 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-22 14:23 - 2014-04-22 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 14:23 - 2013-10-23 20:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-22 14:22 - 2014-04-22 14:22 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (3).exe
2014-04-22 14:19 - 2014-04-22 14:19 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (2).exe
2014-04-22 13:32 - 2014-04-22 13:32 - 00176473 _____ () C:\Users\Aurelio\Documents\sanepar04.xps
2014-04-22 13:28 - 2014-04-22 13:28 - 00310160 _____ () C:\Users\Aurelio\Documents\copel 05.xps
2014-04-22 13:26 - 2014-04-22 13:26 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (1).exe
2014-04-22 13:25 - 2014-04-22 13:25 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55.exe
2014-04-22 09:41 - 2013-06-23 14:36 - 00116408 _____ () C:\Users\Aurelio\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-22 09:40 - 2009-07-14 01:45 - 00450088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 12:18 - 2014-04-21 12:18 - 00164574 _____ () C:\Users\Aurelio\Downloads\blossom.zip
2014-04-21 12:17 - 2014-04-21 12:17 - 00020128 _____ () C:\Users\Aurelio\Downloads\carolingia.zip
2014-04-21 12:16 - 2014-04-21 12:16 - 00038795 _____ () C:\Users\Aurelio\Downloads\english.zip
2014-04-21 12:16 - 2014-04-21 12:16 - 00030223 _____ () C:\Users\Aurelio\Downloads\anke_calligraphic_f.zip
2014-04-21 12:14 - 2014-04-21 12:14 - 00021473 _____ () C:\Users\Aurelio\Downloads\imitation.zip
2014-04-21 12:14 - 2014-04-21 12:14 - 00020332 _____ () C:\Users\Aurelio\Downloads\belphebe.zip
2014-04-21 12:11 - 2014-04-21 12:11 - 00039171 _____ () C:\Users\Aurelio\Downloads\saffron_too.zip
2014-04-21 12:09 - 2014-04-21 12:09 - 00028265 _____ () C:\Users\Aurelio\Downloads\adorable.zip
2014-04-21 12:08 - 2014-04-21 12:08 - 00046129 _____ () C:\Users\Aurelio\Downloads\angelina (1).zip
2014-04-21 12:07 - 2014-04-21 12:07 - 00046129 _____ () C:\Users\Aurelio\Downloads\angelina.zip
2014-04-20 10:09 - 2013-06-24 11:07 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-04-19 23:49 - 2014-04-19 23:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-19 23:49 - 2014-04-19 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-19 23:49 - 2013-06-24 11:08 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-19 21:17 - 2014-04-19 21:08 - 160702556 _____ () C:\Users\Aurelio\Downloads\Portable-CorelDRAW-X5-PT-BR.7z
2014-04-19 20:54 - 2014-03-27 12:14 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-04-19 20:49 - 2013-10-06 13:45 - 00000029 _____ () C:\Windows\SysWOW64\config.ini
2014-04-19 20:41 - 2014-04-19 20:38 - 219384716 _____ () C:\Users\Aurelio\Downloads\Corel DHRAW X5 Portable.rar
2014-04-14 20:13 - 2013-10-23 20:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-22 14:23 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2013-10-23 20:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2013-10-23 20:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 11:17 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 03:31 - 2013-06-23 19:41 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-13 23:24 - 2014-05-01 11:31 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 23:19 - 2014-05-01 11:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 19:53 - 2013-11-17 22:27 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\MacromediaFlesh
2014-04-12 08:46 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\TeamViewer
2014-04-12 08:45 - 2014-04-12 08:45 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-12 08:44 - 2014-04-12 08:44 - 06121704 _____ (TeamViewer GmbH) C:\Users\Aurelio\Downloads\TeamViewer_Setup_pt (1).exe
2014-04-10 22:46 - 2014-04-10 22:39 - 399838146 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_Intel_13.0.0.107_W7x86W7x64_A.zip
2014-04-10 22:41 - 2014-04-10 22:40 - 32965554 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_Atheros_8.0.0.279_W7x86W7x64_A.zip
2014-04-10 22:40 - 2014-04-10 22:39 - 24498508 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_liteon_9.0.0.173_W7x86_A.zip
2014-04-10 22:39 - 2014-04-10 22:39 - 02445158 _____ () C:\Users\Aurelio\Downloads\Chipset_Intel_9.1.1.1025_W7x86W7x64_A.zip
2014-04-09 19:50 - 2014-04-09 19:50 - 07106560 _____ () C:\Users\Aurelio\Downloads\estambul-bosforo (1).pps
2014-04-09 19:41 - 2014-04-09 19:41 - 07106560 _____ () C:\Users\Aurelio\Downloads\estambul-bosforo.pps
2014-04-09 16:05 - 2014-04-09 16:05 - 00170204 _____ () C:\Users\Aurelio\Documents\aguaPLesteA.xps
2014-04-09 11:28 - 2013-06-25 17:24 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Positivo Backup
2014-04-08 19:38 - 2013-11-09 21:21 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-04-08 19:38 - 2013-11-09 21:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 19:38 - 2013-07-17 23:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-08 19:37 - 2013-06-28 10:28 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 14:52 - 2014-03-31 21:40 - 00000000 ____D () C:\Users\Aurelio\.receitanet
2014-04-08 09:09 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-03 09:51 - 2014-05-02 00:22 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-02 00:22 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-02 00:22 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Aurelio\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-01 19:23

==================== End Of Log ============================

2nd LOG

Post by Coelhocego on Sat 03 May 2014, 22:35

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Aurelio at 2014-05-03 22:31:56
Running from C:\Users\Aurelio\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Aplicação da Promoção Vivo® Banda Larga (HKLM\...\{674e54ef-d593-4d80-8be2-35d0d8192a23}}_is1) (Version: 2.0.7.0 - Positivo Informática S.A.)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
Gerenciador de Inicialização Positivo (HKLM\...\{E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1) (Version: 1.0.16.1 - Positivo Informática S.A.)
Java Auto Updater (HKLM-x32\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version:  - )
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Positivo Áudio (HKLM\...\{D00FA097-5115-400D-84AD-4ADEF3EBDB5E}_is1) (Version: 1.4.1.0 - Positivo Informática S.A.)
Positivo Conversor 3D (HKLM\...\{D0582368-2DFF-48EA-AC8D-1FA8E31CA38C}_is1) (Version: 1.0.0.7 - Positivo Informática S.A.)
Positivo Experience (HKLM\...\{AAB13E97-449B-4D5B-BDE2-AB47B938B722}_is1) (Version: 1.3.4.2 - Positivo Informática S.A.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points  =========================

01-05-2014 14:31:10 Windows Update
01-05-2014 14:57:44 Installed EasyCleaner
01-05-2014 18:15:22 Installed SpyHunter
01-05-2014 18:55:08 Removed SpyHunter
01-05-2014 18:58:54 Installed SpyHunter
01-05-2014 19:08:47 Removed EasyCleaner
01-05-2014 20:30:18 Removed SpyHunter
01-05-2014 21:49:22 Installed Samsung Kies3
01-05-2014 21:52:12 Installed Samsung Kies3
01-05-2014 21:55:30 Removed Samsung Kies3
01-05-2014 21:56:02 Installed Samsung Kies3
02-05-2014 06:00:27 Windows Update
03-05-2014 03:33:56 zoek.exe restore point
03-05-2014 11:31:10 Windows Update
03-05-2014 21:57:54 ZHPFix Restore System Point
03-05-2014 23:45:37 ZHPFix Restore System Point
03-05-2014 23:52:55 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 23:34 - 2014-05-03 18:46 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2A0A4B32-D932-49E5-80BE-8B88850E6DCA} - \pricemetertask No Task File <==== ATTENTION
Task: {2E677BCE-BAF9-4547-91EA-3AEE7A5F1CF8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2952356932-1996913521-2274159354-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {44FE3A19-EF9F-4E48-8F00-90847626FA00} - \SaveSense No Task File <==== ATTENTION
Task: {64BEC2F6-5692-4C20-8354-06F320D471B8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2952356932-1996913521-2274159354-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {83E98B37-9DBA-45A9-96FF-660F87698654} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {8646CC45-A708-4A0B-88CF-507DFD000750} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {8DF7FF4B-B696-4E10-BDBC-355616E1142A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01] (Adobe Systems Incorporated)
Task: {B349DF7B-CBA4-4174-A8D9-6730429627DA} - \LaunchApp No Task File <==== ATTENTION
Task: {C7CB3DAD-DD99-4D35-9F04-3E30D2430B32} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {DD191AED-FD49-42A3-81B6-F6A1847A77AA} - \Dealply No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-04-12 15:15 - 2010-11-12 01:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-03 18:29 - 2010-08-11 11:32 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-09-03 18:29 - 2010-08-11 11:32 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-09-03 18:29 - 2010-08-11 11:32 - 00105584 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2012-09-03 18:29 - 2010-08-11 11:32 - 64643696 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-10-06 13:41 - 2013-10-06 13:38 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-09-03 19:21 - 2012-03-12 10:54 - 00194560 _____ () C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\LibSoundManager.dll
2014-02-12 13:15 - 2014-02-12 13:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2012-09-03 18:30 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\System32:9DAF8F0A_Cef.gbp
AlternateDataStreams: C:\Windows\System32:9DAF8F0A_Uni.gbp
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Aurelio\Documents\copel cta.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Aurelio\Documents\copel cta.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Aurelio\Documents\minha turma.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Aurelio\Documents\minha turma.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 08:52:31 PM) (Source: Application Hang) (User: )
Description: O programa ZHPDiag.exe versão 2014.5.3.52 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: fa4

Hora de Início: 01cf672a75cd4ebe

Hora de Término: 3

Caminho do Aplicativo: C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe

Id do Relatório: fc278f26-d31d-11e3-8bbc-c89cdcc10a4b

Error: (05/03/2014 08:49:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 08:46:45 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: IEXPLORE.EXE, versão: 11.0.9600.17041, carimbo de hora: 0x531807e4
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea8e7
Código de exceção: 0xc0000374
Deslocamento com falha: 0x000ce753
Identificação do processo com falha: 0x14fc
Hora de início do aplicativo com falha: 0xIEXPLORE.EXE0
Caminho do aplicativo com falha: IEXPLORE.EXE1
FCaminho do módulo de falhas: IEXPLORE.EXE2
Identificação do Relatório: IEXPLORE.EXE3

Error: (05/03/2014 06:48:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 00:37:49 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Assembly dependente rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (05/03/2014 11:04:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/03/2014 06:47:39 PM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
Bnbase
Bndef
Bprotect

Error: (05/03/2014 06:04:29 PM) (Source: Schannel) (User: AUTORIDADE NT)
Description: O seguinte alerta fatal foi gerado: 40. O estado do erro interno é 252.

Error: (05/03/2014 06:04:29 PM) (Source: Schannel) (User: AUTORIDADE NT)
Description: O seguinte alerta fatal foi gerado: 40. O estado do erro interno é 252.

Error: (05/03/2014 11:03:13 AM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
Bnbase
Bndef
Bprotect


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 6038.72 MB
Available physical RAM: 4364.32 MB
Total Pagefile: 12075.62 MB
Available Pagefile: 9254.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:921.75 GB) (Free:866.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8B5EA29C)
Partition 1: (Active) - (Size=10 GB) - (Type=27)
Partition 2: (Not Active) - (Size=922 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: Infected browsers!

Post by Power Max on Sat 03 May 2014, 23:14

Download the fixlist.txt file attached to this post and save it to your desktop.

Run FRST64. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy, and paste the contents of this Fixlog.txt into your next reply.


Re: Infected browsers!

Post by Coelhocego on Sat 03 May 2014, 23:51

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by Aurelio at 2014-05-03 23:50:01 Run:2
Running from C:\Users\Aurelio\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
2014-05-01 15:15 - 2014-05-01 15:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
Task: {2A0A4B32-D932-49E5-80BE-8B88850E6DCA} - \pricemetertask No Task File <==== ATTENTION
Task: {44FE3A19-EF9F-4E48-8F00-90847626FA00} - \SaveSense No Task File <==== ATTENTION
Task: {83E98B37-9DBA-45A9-96FF-660F87698654} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {8646CC45-A708-4A0B-88CF-507DFD000750} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {B349DF7B-CBA4-4174-A8D9-6730429627DA} - \LaunchApp No Task File <==== ATTENTION
Task: {C7CB3DAD-DD99-4D35-9F04-3E30D2430B32} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {DD191AED-FD49-42A3-81B6-F6A1847A77AA} - \Dealply No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Aurelio\Documents\copel cta.tiff: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Aurelio\Documents\copel cta.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Aurelio\Documents\minha turma.tiff: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Aurelio\Documents\minha turma.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key not found.
BprotectEx => Service not found.
esgiguard => Service not found.
PCFApiUtil => Service not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A0A4B32-D932-49E5-80BE-8B88850E6DCA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemetertask => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44FE3A19-EF9F-4E48-8F00-90847626FA00} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83E98B37-9DBA-45A9-96FF-660F87698654} => Key not found.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8646CC45-A708-4A0B-88CF-507DFD000750} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterdownloader => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B349DF7B-CBA4-4174-A8D9-6730429627DA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7CB3DAD-DD99-4D35-9F04-3E30D2430B32} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterwatcher => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD191AED-FD49-42A3-81B6-F6A1847A77AA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key not found.
"C:\ProgramData\TEMP" => ":373E1720" ADS not found.
"C:\Users\Aurelio\Documents\copel cta.tiff" => ": 3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Aurelio\Documents\copel cta.tiff" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Users\Aurelio\Documents\minha turma.tiff" => ": 3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Aurelio\Documents\minha turma.tiff" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Users\Todos os Usuários\TEMP" => ":373E1720" ADS not found.

==== End of Fixlog ====

Re: Infected browsers!

Post by Power Max on Sat 03 May 2014, 23:55

How is your PC after these cleanups?


:)

Post by Coelhocego on Sun 04 May 2014, 00:06

I had uninstalled Chrome and Firefox... I will reinstall them.
Only IE 11 was active. (Although I ALMOST never browse with it.)
I'll test everything and come back to report how it went.
I'd like to thank you very much for the help already!
Best regards!!

Re: Infected browsers!

Post by Power Max on Sun 04 May 2014, 00:07

Thanks, we'll be waiting.
